为云边缘的安全 EMR 流提供跨域内部产品访问控制加密

IF 6.3 1区 计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS IEEE Transactions on Information Forensics and Security Pub Date : 2024-10-17 DOI:10.1109/TIFS.2024.3482724
Caiqun Shi;Qinlong Huang;Rui Jian;Genghui Chi
{"title":"为云边缘的安全 EMR 流提供跨域内部产品访问控制加密","authors":"Caiqun Shi;Qinlong Huang;Rui Jian;Genghui Chi","doi":"10.1109/TIFS.2024.3482724","DOIUrl":null,"url":null,"abstract":"The quality of medical services is improved by sharing electronic medical records (EMRs) across multiple medical institutions via cloud edge. However, EMRs contain private information about patients, and cloud servers are untrustworthy, thus they cannot be shared arbitrarily among senders and receivers. Access control encryption (ACE) is a preferred technique that produces encrypted EMRs and then restricts the capabilities of both senders and receivers to enforce the EMR flow via sanitizers. However, existing cross-domain ACE schemes employ a single sender authority to issue encryption keys for senders, which suffers from single point of failure and encryption key escrow that the sender authority can public EMRs arbitrarily. Moreover, they only support coarse-grained access structures such as AND gates, which is not suitable for flexible EMR sharing among medical institutions. To this end, we propose a cross-domain inner-product ACE (CD-IPACE) scheme that features decentralized encryption key generation and fine-grained access structures. Specifically, we construct CD-IPACE from inner-product encryption, threshold structure-preserving signature instantiated with a distributed key generation protocol, and non-interactive zero-knowledge proof, which prevents individual sender authorities from sending ciphertexts, and also protects both data and receiver privacy. Then, we design a secure EMR flow system in cloud edge named ESFlow based on CD-IPACE, which employs edge nodes as sanitizers to check encrypted EMRs and discard illegal ones. Finally, we demonstrate the security and practicality of ESFlow via formal security analysis and extensive experiments.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9866-9880"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cross-Domain Inner-Product Access Control Encryption for Secure EMR Flow in Cloud Edge\",\"authors\":\"Caiqun Shi;Qinlong Huang;Rui Jian;Genghui Chi\",\"doi\":\"10.1109/TIFS.2024.3482724\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The quality of medical services is improved by sharing electronic medical records (EMRs) across multiple medical institutions via cloud edge. However, EMRs contain private information about patients, and cloud servers are untrustworthy, thus they cannot be shared arbitrarily among senders and receivers. Access control encryption (ACE) is a preferred technique that produces encrypted EMRs and then restricts the capabilities of both senders and receivers to enforce the EMR flow via sanitizers. However, existing cross-domain ACE schemes employ a single sender authority to issue encryption keys for senders, which suffers from single point of failure and encryption key escrow that the sender authority can public EMRs arbitrarily. Moreover, they only support coarse-grained access structures such as AND gates, which is not suitable for flexible EMR sharing among medical institutions. To this end, we propose a cross-domain inner-product ACE (CD-IPACE) scheme that features decentralized encryption key generation and fine-grained access structures. Specifically, we construct CD-IPACE from inner-product encryption, threshold structure-preserving signature instantiated with a distributed key generation protocol, and non-interactive zero-knowledge proof, which prevents individual sender authorities from sending ciphertexts, and also protects both data and receiver privacy. Then, we design a secure EMR flow system in cloud edge named ESFlow based on CD-IPACE, which employs edge nodes as sanitizers to check encrypted EMRs and discard illegal ones. Finally, we demonstrate the security and practicality of ESFlow via formal security analysis and extensive experiments.\",\"PeriodicalId\":13492,\"journal\":{\"name\":\"IEEE Transactions on Information Forensics and Security\",\"volume\":\"19 \",\"pages\":\"9866-9880\"},\"PeriodicalIF\":6.3000,\"publicationDate\":\"2024-10-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Forensics and Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10720807/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10720807/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

摘要

通过云边缘在多个医疗机构之间共享电子病历(EMR),可以提高医疗服务的质量。然而,电子病历包含患者的私人信息,而云服务器不可信,因此不能在发送方和接收方之间任意共享。访问控制加密(ACE)是一种首选技术,可生成加密的 EMR,然后限制发送方和接收方的能力,以便通过消毒器强制执行 EMR 流。然而,现有的跨域 ACE 方案采用单个发送方授权来为发送方发放加密密钥,存在单点故障和加密密钥托管问题,发送方授权可以任意公开 EMR。此外,它们只支持 AND 门等粗粒度访问结构,不适合医疗机构之间灵活共享 EMR。为此,我们提出了一种跨域内积 ACE(CD-IPACE)方案,它具有分散式加密密钥生成和细粒度访问结构的特点。具体来说,我们从内积加密、分布式密钥生成协议实例化的阈值结构保护签名和非交互式零知识证明构建了 CD-IPACE,从而防止单个发送方机构发送密文,同时保护数据和接收方的隐私。然后,我们设计了基于 CD-IPACE 的云边缘安全 EMR 流系统 ESFlow,该系统利用边缘节点作为消毒器,检查加密的 EMR 并丢弃非法的 EMR。最后,我们通过形式安全分析和大量实验证明了 ESFlow 的安全性和实用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Cross-Domain Inner-Product Access Control Encryption for Secure EMR Flow in Cloud Edge
The quality of medical services is improved by sharing electronic medical records (EMRs) across multiple medical institutions via cloud edge. However, EMRs contain private information about patients, and cloud servers are untrustworthy, thus they cannot be shared arbitrarily among senders and receivers. Access control encryption (ACE) is a preferred technique that produces encrypted EMRs and then restricts the capabilities of both senders and receivers to enforce the EMR flow via sanitizers. However, existing cross-domain ACE schemes employ a single sender authority to issue encryption keys for senders, which suffers from single point of failure and encryption key escrow that the sender authority can public EMRs arbitrarily. Moreover, they only support coarse-grained access structures such as AND gates, which is not suitable for flexible EMR sharing among medical institutions. To this end, we propose a cross-domain inner-product ACE (CD-IPACE) scheme that features decentralized encryption key generation and fine-grained access structures. Specifically, we construct CD-IPACE from inner-product encryption, threshold structure-preserving signature instantiated with a distributed key generation protocol, and non-interactive zero-knowledge proof, which prevents individual sender authorities from sending ciphertexts, and also protects both data and receiver privacy. Then, we design a secure EMR flow system in cloud edge named ESFlow based on CD-IPACE, which employs edge nodes as sanitizers to check encrypted EMRs and discard illegal ones. Finally, we demonstrate the security and practicality of ESFlow via formal security analysis and extensive experiments.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IEEE Transactions on Information Forensics and Security
IEEE Transactions on Information Forensics and Security 工程技术-工程:电子与电气
CiteScore
14.40
自引率
7.40%
发文量
234
审稿时长
6.5 months
期刊介绍: The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features
期刊最新文献
Attackers Are Not the Same! Unveiling the Impact of Feature Distribution on Label Inference Attacks Backdoor Online Tracing With Evolving Graphs LHADRO: A Robust Control Framework for Autonomous Vehicles Under Cyber-Physical Attacks Towards Mobile Palmprint Recognition via Multi-view Hierarchical Graph Learning Succinct Hash-based Arbitrary-Range Proofs
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1